Tech

LinkedIn can’t use anti-hacking law to block web scraping, judges rule

The LinkedIn app icon seen on the display of an iPhone SE.

Enlarge (credit: Getty Images)

In a case involving LinkedIn, a federal appeals court reaffirmed Monday that web scraping likely doesn’t violate the Computer Fraud and Abuse Act (CFAA).

The ruling by the US Court of Appeals for the Ninth Circuit drew a distinction between data that is password-protected and data that is publicly available. That means hiQ Labs—a data analytics company that uses automated technology to scrape information from public LinkedIn profiles—can continue accessing LinkedIn data, a three-judge panel at the appeals court ruled:

[I]t appears that the CFAA’s prohibition on accessing a computer “without authorization” is violated when a person circumvents a computer’s generally applicable rules regarding access permissions, such as username and password requirements, to gain access to a computer. It is likely that when a computer network generally permits public access to its data, a user’s accessing that publicly available data will not constitute access without authorization under the CFAA. The data hiQ seeks to access is not owned by LinkedIn and has not been demarcated by LinkedIn as private using such an authorization system. HiQ has therefore raised serious questions about whether LinkedIn may invoke the CFAA to preempt hiQ’s possibly meritorious tortious interference claim.

Judges warn against “information monopolies”

The judges said they “favor a narrow interpretation of the CFAA’s ‘without authorization’ provision so as not to turn a criminal hacking statute into a ‘sweeping Internet-policing mandate.'” They also found that the public interest favors allowing access to LinkedIn data.

Read 16 remaining paragraphs | Comments